Researchers say the groups behind two botnets have teamed up to distribute malware. The bot herders running the Avalanche and ZBot botnets are now working together to promote notorious banking Trojan Zeus.

The Zbot botnet is known for its massive spam campaigns that link to Zeus and Avalanche is known as a hot spot for phishing scams. Presumably the two groups decided that by working together they could increase their profits. The criminal groups behind the scheme are anonymous and little is known about them. They are using each other’s infrastructure, an arrangement not uncommon in the cybercrime world, where botnet operators often rent out the services of their botnets.

          Vincent Hanna, an investigator for anti-spam organisation the Spamhaus Project, told ZDNet UK on Friday that the two groups are using each other’s infrastructure on a commercial basis. “There are people who supply botnets, and there are people who ‘rent’ capacity on these botnets,” Hanna said in an email interview. “We see that the same viruses are emitting mails that benefit [the] different groups, either through spammed URLs or attached malware.”

Zeus was recently discovered making itself cozy on a site hosted by Amazon’s EC2 service. It was using the cloud based service as a C&C control center and sending out fake Christmas card spam that contained links to the malware.

Amazon promptly disabled the infected site when it was notified and it is no longer serving files to the botnet.